Access Workflow

Inside senhasegura, when a user tries to make use of a credential for a session or view password, senhasegura checks which access group in which the user is related to the credential has the most restrictive rule.
These rules can be set in the access group creation.

Access through justification

A registration screen will be presented if the requesting user needs to record the reason for using the inside information. And only after sending the justification will it be possible to use it.

The requesting user can list their requests through the PAM Core ➔ Access control ➔ My requests menu.

Access through approval

If the requesting user needs approval to perform the same task, the justification screen is presented with the addition of fields for the period. This period is the time interval that the requester needs to use the credential.

After this time, the credential will be available for automatic password change. And if the approval is for a proxy session, the requester will be immediately disconnected.

Justification form with a request for an access period 

 

The user will be given the following confirmation screen when forwarding the approval request.

After the request is approved, the requesting user receives an e-mail informing him of the access release.

If the inbox is configured in senhasegura, approvers can reply to the email with the words APPROVE or DISAPPROVE to affect their response. Or he can click on the link described in the email.

The system can be done at the PAM Core ➔ Access control ➔ My approvals menu. Record actions allow you to approve, disapprove and see the detail of the request.

Image Caption 

 

At the time of approval, the approver may change the date and time interval.

Approve request form 

 

All the requests and the justified accesses can be seen in the report Access control ➔ Requests.

• Approved: The request was accepted, releasing access.
• Canceled: The request was canceled by the user who created it.
• Revoked: After the request has been accepted, it can be revoked, removing access.
• Pending: At the moment, the request is created and is awaiting approval.
• Disapproved: The request was not accepted.

Whenever an approver revokes a session, if there is more than one approver, the others don't need to revoke it. To access revocation requests, go to PAM Core ➔ Requests.

The emergency access

There is a case in which the requester can skip the approval process if there is a need for immediate emergency use of the credential. We call it emergency access.

When the access group allows the requester to use this feature, the requester will be presented with the emergency access screen right after sending the access request.

Emergency access button 

 

As soon as the requester confirms emergency access, senhasegura will send all approvers the information that the requester had access to in advance.

The access request will be marked with emergency use.

View session videos

To activate approval for viewing session videos in the senhasegura system, go to Settings ➔ System parameters ➔ Remote session the option Enable approval flow for session videos?* must be marked as Yes as in the image below:

System settings

 

Video approval workflow reports

In PAM Core ➔ Access Control, you have the following options:

• My Session Video Requests: Lists all requests made by the user on the screen, displays the history of requests for approvals of video views of user sessions in the system, pending, approved, and disapproved;

• My Session Video Approvals: Lists all approval requests for viewing session videos in the system;

• Session Video Requests: Shows the history of requests to view session videos in the vault and view all previously approved or
  disapproved requests.

Justification for seeing a remote session

Users needing approval to view session videos must fill in a justification. The request will be sent to an approver.